Removed dependency

Daniel Ziltener 2020-01-15 13:28:22 +01:00
parent db038f7a75
commit ea026f76e7
3 changed files with 41 additions and 37 deletions


@ -1,8 +1,7 @@
{:deps
{org.clojure/clojure {:mvn/version "1.10.1"}
clj-http {:mvn/version "3.10.0"}
amperity/vault-clj {:mvn/version "0.7.1"}
org.postgresql/postgresql {:mvn/version "42.2.8"}
org.postgresql/postgresql {:mvn/version "42.2.9"}
com.layerware/hugsql-core {:mvn/version "0.5.1"}
com.layerware/hugsql-adapter-next-jdbc {:mvn/version "0.5.1"}
digest {:mvn/version "1.4.9"}
@ -10,11 +9,15 @@
;; Logging
com.taoensso/timbre {:mvn/version "4.10.0"}
com.fzakaria/slf4j-timbre {:mvn/version "0.3.14"}
org.slf4j/log4j-over-slf4j {:mvn/version "1.7.14"}
org.slf4j/jul-to-slf4j {:mvn/version "1.7.14"}
org.slf4j/jcl-over-slf4j {:mvn/version "1.7.14"}}
org.slf4j/log4j-over-slf4j {:mvn/version "1.7.29"}
org.slf4j/jul-to-slf4j {:mvn/version "1.7.29"}
org.slf4j/jcl-over-slf4j {:mvn/version "1.7.29"}}
:paths ["src" "resources"]
:mvn/repos {"central" {:url "https://repo1.maven.org/maven2/"}
"clojars" {:url "https://repo.clojars.org/"}}
:aliases {:test {:extra-paths ["test"]
:extra-deps {:mockery {:mvn/version "0.1.4"}}}}}
:aliases {:outdated {:extra-deps {olical/depot {:mvn/version "1.8.4"}}
:main-opts ["-m" "depot.outdated.main" "-a" "outdated"]}
:docs {:extra-deps {marginalia {:git/url "https://github.com/zilti/marginalia" :sha "33af53d4848c58aa0e7cfdd76ab23310052816af"}}
:main-opts ["-m" "marginalia.core" "-n" "Sompani-Toolbox"]}
:test {:extra-paths ["test"]
:extra-deps {mockery {:mvn/version "0.1.4"}}}}}


@ -1,12 +1,12 @@
server {
server_name www.talent.{{company-name}}.{{company-suffix}} talent.{{company-name}}.{{company-suffix}} {{company-name}}.talent.careers;
return 301 https://talent.{{company-name}}.{{company-suffix}}$request_uri;
server_name www.talent.{{company-domain}} talent.{{company-domain}} {{company-name}}.talent.careers;
return 301 https://talent.{{company-domain}}$request_uri;
}
server {
listen [::]:443 ssl;
listen 443 ssl;
server_name www.talent.{{company-name}}.{{company-suffix}};
server_name www.talent.{{company-domain}};
ssl_certificate /etc/letsencrypt/live/{{company-name}}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{company-name}}/privkey.pem;
@ -20,13 +20,13 @@ server {
ssl_stapling_verify on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS";
return 301 https://talent.{{company-name}}.{{company-suffix}}$request_uri;
return 301 https://talent.{{company-domain}}$request_uri;
}
server {
listen [::]:443 ssl;
listen 443 ssl;
server_name talent.{{company-name}}.{{company-suffix}} {{company-name}}.talent.careers;
server_name talent.{{company-domain}} {{company-name}}.talent.careers;
ssl_certificate /etc/letsencrypt/live/{{company-name}}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{company-name}}/privkey.pem;
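Review bot: The redirecting 443 server in the second hunk still carries `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` and a cipher string that ends in 3DES (`DES-CBC3-SHA`) and static-RSA suites (`AES128-SHA`, `AES256-SHA`), and since this template is rendered for every newly onboarded host it is worth tightening while the file is being touched. These are unchanged context lines, so the commit does not introduce them. I would propose `ssl_protocols TLSv1.2 TLSv1.3;` (assuming the deployed nginx/OpenSSL build supports TLS 1.3, otherwise `TLSv1.2` alone) and trimming `ssl_ciphers` to the ECDHE/DHE AEAD suites at the front of the existing list. The last server block continues outside the hunk, so whether it repeats the same settings cannot be confirmed from here.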


@ -1,9 +1,15 @@
(ns com.sompani.onboarding
"A tool to automate the onboarding of new VCs.
This works by providing `-main` with an EDN file containing the keys
with the necessary info. The EDN file has to contain a map with the
following keys:
* `:company-name`: the company name as in <company-name>.talent.careers.
* `:company-domain`: the company domain name as in talent.<company-domain>."
(:require [clojure.java.shell :as sh]
[clojure.java.io :as io]
[clojure.string :as str]
[vault.core :as vault]
vault.client.http
[clj-http.client :as http]
[cljstache.core :as cljstache]
[taoensso.timbre :as timbre
@ -15,8 +21,6 @@
(java.nio.file.attribute PosixFileAttributeView
FileAttribute)))
(def vault-client (vault/new-client "http://127.0.0.1:8200"))
;; # Webserver configuration
;; ## Deployment directory structure
@ -35,7 +39,6 @@
(let [attrs (Files/getFileAttributeView (.toPath (io/file "/srv/http/www.sompani.com"))
PosixFileAttributeView
(into-array LinkOption [LinkOption/NOFOLLOW_LINKS]))
;; group (.group attrs)
owner (.getOwner attrs)
fattr (into-array FileAttribute [])]
(doseq [dir-str ["/srv/http/staging.%s.talent.careers-cache"
@ -49,24 +52,24 @@
"/srv/http/%s.talent.careers-uploads"
"/srv/http/%s.talent.careers.1234"]
:let [dir (.toPath (io/file (format dir-str company-name)))]]
(Files/createDirectory dir fattr)
(set-owner dir owner)
;; (set-group dir group)
(and
(Files/createDirectory dir fattr)
(set-owner dir owner))
)
(let [link (.toPath (io/file (format "/srv/http/staging.%s.talent.careers" company-name)))]
(Files/createSymbolicLink link
(.toPath (io/file (format "/srv/http/staging.%s.talent.careers.1234" company-name)))
fattr)
(set-owner link owner)
;; (set-group link group)
(and
(Files/createSymbolicLink link
(.toPath (io/file (format "/srv/http/staging.%s.talent.careers.1234" company-name)))
fattr)
(set-owner link owner))
)
(let [link (.toPath (io/file (format "/srv/http/%s.talent.careers" company-name)))]
(Files/createSymbolicLink link
(.toPath (io/file (format "/srv/http/%s.talent.careers.1234" company-name)))
fattr)
(set-owner link owner)
;; (set-group link group)
(and
(Files/createSymbolicLink link
(.toPath (io/file (format "/srv/http/%s.talent.careers.1234" company-name)))
fattr)
(set-owner link owner))
)))
;; ## nginx configuration
@ -81,14 +84,14 @@
(cljstache/render (slurp in-file) datamap))))
;; ## Certificates
(defn generate-certs! [{:keys [company-name company-suffix] :as datamap}]
(defn generate-certs! [{:keys [company-name company-domain] :as datamap}]
(info
(apply sh/sh (map #(cljstache/render % datamap)
["certbot" "certonly" "--nginx"
"-d" "staging.{{company-name}}.talent.careers"
"-d" "{{company-name}}.talent.careers"
"-d" "talent.{{company-name}}.{{company-suffix}}"
"-d" "www.talent.{{company-name}}.{{company-suffix}}"
"-d" "talent.{{company-domain}}"
"-d" "www.talent.{{company-domain}}"
"--cert-name" "{{company-name}}"]))))
;; # DNS configuration
@ -106,7 +109,7 @@
(defn make-basic-dns-entries! [{:keys [company-name]}]
(let [uri "https://api.cloudflare.com/client/v4/zones/5cd643e7432d7cf69f44e268e32b5452/dns_records"
headers {"Authorization" (str "Bearer " (:token (vault/read-secret vault-client "secret/cloudflare-api")))}
headers {"Authorization" (str "Bearer " (System/getenv "CLOUDFLARE_API"))}
entries (basic-dns-entries company-name)]
(debug "Creating DNS entries for" company-name "; Headers: " headers)
(doseq [entry entries]
@ -118,9 +121,7 @@
;; # Main initialization
(defn -main [& args]
(let [datamap {:company-name (nth args 0)
:company-suffix (nth args 1)}]
(vault/authenticate! vault-client :token (System/getenv "VAULT_TOKEN"))
(let [datamap (read-string (slurp (nth args 0)))]
(info "Creating deploy directories.")
(make-dirs! datamap)
(info "Creating basic DNS entries.")
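Review bot: In `-main`, `(read-string (slurp (nth args 0)))` uses `clojure.core/read-string`, which honours `#=` reader-eval forms while `*read-eval*` is at its default, so the onboarding file is read as code rather than as data. The namespace docstring describes the input as an EDN file, so the data-only reader fits: add `[clojure.edn :as edn]` to the `:require` and use `(edn/read-string (slurp (nth args 0)))`, then check that `:company-name` and `:company-domain` are present and hostname-shaped before they reach the path formats, the nginx template and the certbot arguments. Separately, in `make-basic-dns-entries!` the `debug` call prints `headers`, which now holds the `CLOUDFLARE_API` bearer token (or a bare `"Bearer "` when the variable is unset); log only the company name and fail early on a missing token. `-main` continues past the end of the hunk.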